Lucene search
K

5 matches found

NVD
NVD
added 2026/06/18 2:17 p.m.14 views

CVE-2026-11719

An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...

8.6CVSS0.0015EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 11:55 a.m.10 views

EUVD-2026-37881

An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...

8.6CVSS5.5AI score0.0015EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:55 a.m.26 views

CVE-2026-11719

CVE-2026-11719 describes an authenticated authorization bypass in MCP Toolbox for Databases due to missing scope enforcement on older protocol handlers. The 2025-11-25 protocol version handler enforces per-tool scope restrictions, but older versions (2025-06-18, 2025-03-26, 2024-11-05) omit this ...

8.6CVSS5.5AI score0.0015EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/12 12:0 a.m.9 views

Beyond Static Sandboxing: Learned Capability Governance for Autonomous AI Agents

Autonomous AI agents built on open-source runtimes such as OpenClaw expose every available tool to every session by default, regardless of the task. A summarization task receives the same shell execution, subagent spawning, and credential access capabilities as a code deployment task, a 15x...

6AI score
Exploits0
OSV
OSV
added 2026/03/02 9:59 p.m.4 views

GHSA-JR6X-2Q95-FH2G OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools

Summary An authorization mismatch allowed authenticated callers with operator.write access to invoke owner-only tool surfaces gateway, cron through agent runs in scoped-token deployments. Impact On affected deployments, write-scoped callers could perform control-plane actions beyond intended writ...

8.7CVSS5.9AI score0.00412EPSS
Exploits0References2
Rows per page
Query Builder